Create a capability profile

  • Release version: Australia
  • Updated March 12, 2026
  • Create a profile and select the McAfee ePO capabilities that you want the profile to run.

    Before you begin

    Role required: ServiceNow AI Platform® Security incident administrator (sn_si.admin)

    About this task

    For this step of the configuration, you create a profile for the McAfee ePO capabilities. When you create profiles, consider the intention of the profile before you add McAfee ePO capabilities to it. Refer to the following table when you create profiles.

    The following table lists the capabilities that you are required to add to a profile if you want the profile to perform certain queries or actions. Create a single profile that runs queries for host details, initiates malware scans, removes isolation, and isolates host machines, or create multiple profiles, each with its own single capability.

    Procedure

    1. Navigate to McAfee ePO Integration > McAfee ePO Capability Profiles.
      The McAfee ePO Capability Profiles list is displayed.
    2. Click New.
    3. On the form, fill the fields.
      Field: Description

      Name: Name for the McAfee ePO capability profile. This name helps you identify the profile type and describe it. An example name for a profile that runs queries is Host and Threat Details. By default, this name is also the name of the security tag for this profile.

      Description: Additional information about the profile that further describes the activities of the profile. An example description for a profile that runs queries is Threat enrichment for system details and a list of threat events. An example description for a profile that runs actions is Isolate host machine.

      Source: Name of the McAfee ePO server. Only configured servers are available from the choice list.

      McAfee ePO Capability: Capabilities of the McAfee ePO profile. McAfee ePO supports the following capabilities:
        • Get Host Details
        • Isolate Host Profile
        • Initiate Malware Scan
        • Remove Isolation
        • List Threat Events

        Select the capabilities you want for this profile from the Available column and move them to the Selected column.

        You can't add Get Host Details, Initiate Malware Scan, and List Threat Events in the same profile, and you can't add Remove Isolation and Isolate Host in the same profile.

      Order: Workflow priority. Default is 100. The value of this field indicates the order in which workflows are executed when two or more profiles share triggering conditions.

        The workflow with the lowest number has the highest priority.

        To set the order of operation, enter a value. For example, 100, 200, 300, 400.

      Active: The check box is selected by default to indicate that the profile is active.

        When selected, the profile is active and triggers automatically when a security incident is created that matches the filtering conditions that you specify during the configuration step.

        When inactive, the profile will not run, and it is not available to invoke from a list.

      Figure: McAfee ePO capability profile details

    4. To save and validate the profile, click Continue.
      If validation is successful, the page reloads and the Configuration form is displayed.

    What to do next

    The next step is to configure your profile. Before you configure the settings for the profile, you may prefer to review the concepts for configuring profiles and triggering conditions. See Set up your McAfee ePO console to integrate with Security Incident Response (SIR) and Defining triggering conditions with a Configuration item (CI) field for more information.